We take security, accuracy, and integrity very seriously.
If you discover a security vulnerability or any critical issue that could compromise:
- User data
- Website stability
- Information authenticity
- Third-party copyrights
Please report it confidentially instead of publicly disclosing it.
- Email: m.maspero at umcutrecht.nl
- Alternatively, open a private GitHub Security Advisory if available for this repository.
Please include:
- A clear description of the vulnerability.
- Steps to reproduce (if applicable).
- Any suggested fixes or mitigation ideas.
We will respond within 5 business days and aim to resolve any verified security issues promptly.
This project consists mainly of public, factual information.
However, security reports are in-scope if they involve:
- Unauthorized access or modification of the repository
- Malicious code or dependency vulnerabilities
- Leakage of confidential contributor information
- Data integrity risks (e.g., tampering of commercial product descriptions)
- Misinformation that could lead to clinical safety risks
The following are not considered security vulnerabilities:
- Typos, broken links, or formatting issues
- Disagreements over interpretation of technical data
- Lack of endorsements or certifications from manufacturers
(These can be reported via regular GitHub Issues.)
We practice coordinated disclosure:
- We will acknowledge receipt of your report.
- We will work privately with you to understand and resolve the issue.
- We will publicly disclose security incidents only after a fix is available.
- You will be credited for responsible disclosure if desired.
We greatly appreciate your help in making this project safe, reliable, and trustworthy for the entire radiotherapy community.